Abstract. In this article, we illustrate an algorithm for the computation
of the weight distribution of CRC codes. The recursive structure of CRC
codes will give us an iterative way to compute the weight distribution of
their dual codes starting from just some "representative" words. Thanks to
the MacWilliams Theorem, the computation of the weight distribution of dual
codes can be easily brought back to that of CRC codes. This algorithm is a
good alternative to the standard algorithm that involves listing every word
of the code.



1. Introduction 

Cyclic Redundancy Check (CRC) codes are an important class of error
detecting codes. These codes are widely used in computer communication
networks because of their easy and fast encoder and decoder implementation
and their considerable burst-error detection capability. These properties
are provided by the structure of shortened cyclic codes. This capability to
detect burst errors is well studied in [Wic95].

To measure the degree of goodness of error-detecting codes, we have to
investigate two properties. The first is the minimum distance of the code.
This quantity is the smallest number of bit positions in which any two given
words of the code differ. The second is the undetected error probability
($P_{ue}$) that measures the probability that an error occurs during
transmission that cannot be detected by the decoder. The performance of the
code improves when the minimum distance increases or when $P_{ue}$ decreases.

To investigate these two properties, it is important to know the weight
distribution of the code. A way to compute this distribution is to list all
of the words of the dual code and compute their Hamming weights. The weight
distribution of the code is then provided by the Theorem of MacWilliams
[MS88].

The structure of CRC codes offers the opportunity to construct an ad-hoc
algorithm that has less computational cost; see [CBH93] for a treatment of
the binary case.

This work extends the algorithm to CRC codes over any finite field. 

The second section of this paper is concerned with preliminary notions. 
We treat more precisely, but not in detail, CRC codes and properties they 
have in common with cyclic codes. A good working definition of CRC codes 
is also given. 

The third section deals with the fundamental step of the algorithm. We
examine the connection between Linear Recurring Sequences (LRS's) and words
of the dual code of a CRC code, explain the need to choose the best LRS and
consider the bijective relation between LRS's and elements of
$\mathbb{F}_q[x]/(g(x))$, where $g(x)$ is the polynomial generating the code.

We will then turn our interest to the structure of the ring
$\mathbb{F}_q[x]/(g(x))$. The fourth section shows that it is possible to
use the Chinese Remainder Theorem in order to work with quotient rings via
powers of irreducible polynomials.

The main task of the fifth section is to find representatives of the
x-orbits in the ring $\mathbb{F}_q[x]/(g(x)^t)$, where $g(x)$ is an
irreducible polynomial. First of all we obtain a decomposition of this ring
into a union of sets which are stable under x-multiplication. We then look
closely at the representation of the multiplicative group of a ring as a
product of cyclic groups. A set of generators of these cyclic groups is
explicitly shown. Then, we use the preceding results to construct a set of
representatives of every possible x-orbit of the ring.

2. Preliminaries 

In the introduction, we stated that CRC codes are extensively used nowadays.
Despite that, the literature contains differing definitions of these codes,
which stems from differing ideas about their use. We first give the
definition of these codes from [Ros01] and then move to a more operational
one.

Definition 1. Let $g(x) \in \mathbb{F}_q[x]$ be a monic polynomial over the
finite field $\mathbb{F}_q$ of characteristic $p$. Let us consider the
encoding map

    $$\varphi : \mathbb{F}_q[x] \to \mathbb{F}_q[x], \qquad m(x) \mapsto c(x) = m(x)g(x).$$

A Cyclic Redundancy Check (CRC) code is then the ideal
$(g(x)) = \operatorname{im} \varphi$.

This definition gives the basic property of CRC codes, i.e. the fact that
they are generated by a generator polynomial $g(x)$.

Such a definition of CRC codes is appropriate from a theoretical point of
view, but in applications this definition is not enough. The resulting code
is not observable, see [Ros01].

One way to correct this problem is to predetermine the length of the
message. This allows the receiver to test for code membership by long
division. If $c(x)$ is the received word, compute

    $$c(x) = \tilde{m}(x)g(x) + r(x).$$

If $r(x) = 0$, then the receiver can conclude that $\tilde{m}(x)$ is the
transmitted message $m(x)$. Otherwise a retransmission will be requested.
We thus arrive at a better working definition of CRC codes.

Definition 2. Let $n, r \in \mathbb{N}$ with $n > r > 0$. Let
$q \in \mathbb{N}$ be some power of a prime number $p$ and
$g(x) \in \mathbb{F}_q[x]$ a monic polynomial such that $\deg g(x) = r$ and
$g(0) \neq 0$.

An $(n, n-r)$ CRC code $C$ is the set

    $$C = \{ c(x) \in \mathbb{F}_q[x] \mid c(x) = g(x)m(x),\ \deg m(x) < n - r \}.$$

Such a set has the structure of a linear code. We note that a CRC code is a
cyclic code if and only if the generator polynomial $g(x)$ divides $x^n - 1$.

From this representation, it is easy to deduce that CRC codes are shortened
cyclic codes. In fact, a basis of a CRC code can be formed by
x-multiplications of the generator polynomial.

As previously stated, the Theorem of MacWilliams gives us the possibility to
switch our interest to the weight distribution of the dual code.

The dual code of a CRC code has an interesting structure. Given a polynomial
$g(x)$ over $\mathbb{F}_q$, the dual code of a CRC code of any length
generated by $g(x)$ is isomorphic to the ring $\mathbb{F}_q[x]/(g(x))$.

Via some easy steps which come from the theory of dual codes, one deduces
the following property of dual codewords:

Proposition 3. Let $C \subseteq \mathbb{F}_q^n$ be a CRC code and

    $$g(x) = g_0 + g_1 x + \cdots + g_{r-1}x^{r-1} + x^r$$

its generator polynomial. Then $c = (c_0, \dots, c_{n-1})$ is an element of
the dual code $C^\perp$ if and only if its components satisfy the relation

    $$c_i = -g_0 c_{i-r} - \cdots - g_{r-1} c_{i-1}, \qquad i = r, \dots, n.$$

Notations. In this work, we will use the following notations: 

• $p$ will be the prime number that is the characteristic of the ring
  $\mathbb{F}_q$; then $q$ is a power of $p$, i.e. $q = p^\delta$ for some
  $\delta \in \mathbb{N}_+$;

• $n \in \mathbb{N}_+$ will be the length of the CRC code;

• $g(x) \in \mathbb{F}_q[x]$ will be the monic generator polynomial of a CRC
  code, with $g(0) \neq 0$, $\deg g(x) = r$ and $0 < r < n$;

• $g(x) = \prod_{i=1}^{m} g_i(x)^{e_i}$ will be the irreducible decomposition
  of $g(x)$;

• $u$ will be an element of the ring $\mathbb{F}_q[x]/(g(x))$ and $u(x)$ the
  representative of lowest degree of $u$ in $\mathbb{F}_q[x]$;

• $\mathcal{R}^q_g$ will be the ring $\mathbb{F}_q[x]/(g(x))$ and
  $\mathcal{R}^q_{g^t}$ the ring $\mathbb{F}_q[x]/(g(x)^t)$;

• $\mathcal{M}^q_g$ will be the multiplicative group of $\mathcal{R}^q_g$,
  i.e. $(\mathbb{F}_q[x]/(g(x)))^*$, and $\mathcal{M}^q_{g^t}$ the
  multiplicative group of the ring $\mathcal{R}^q_{g^t}$.

3. Quotient Ring by a Primitive Polynomial 
and Fundamental Step of the Algorithm 

In this section the fundamental step of the algorithm will be illustrated.
We will use algebraic objects such as linear recurring sequences (LRS's)
[LN93] and polynomials over finite fields.

The next theorem recalls the part of Kronecker's Theorem [Kro81] which is
the most interesting for our purpose.

Theorem 4. Let $u(x) \in \mathbb{F}_q[x]$ be a polynomial with
$\deg u(x) < \deg g(x)$. Then there exists exactly one sequence
$(c_i)_{i \in \mathbb{N}} \subset \mathbb{F}_q$ such that

    $$\frac{u(x)}{g(x)} = \sum_{i \in \mathbb{N}} \frac{c_i}{x^{i+1}} =: C(1/x).$$

Moreover the sequence $(c_i)_{i \in \mathbb{N}}$ satisfies the linear relation

(1) $$c_i = -g_0 c_{i-r} - \cdots - g_{r-1} c_{i-1}, \qquad i \ge r.$$






FELICE MANGANIELLO 



As an immediate application one obtains the following corollary.

Corollary 5. There exists a bijection between the ring $\mathcal{R}^q_g$ and
the set of all LRS with characteristic polynomial $g(x)$.

From the preliminaries stated in the previous section and from Corollary 5
it follows that there is a bijection between the set of LRS's with
characteristic polynomial $g(x)$ and the dual code of any CRC code whose
generator polynomial is $g(x)$. In the following theorem, we make this
bijection explicit.

Theorem 6. Let $L_g$ be the set of LRS's over $\mathbb{F}_q$ with
characteristic polynomial $g(x)$. Let $C$ be an $(n, n-r)$ CRC code over
$\mathbb{F}_q$ whose generator polynomial is $g(x)$, and $C^\perp$ its dual
code. Then the following relation

    $$\psi : L_g \to C^\perp, \qquad (c_i)_{i \in \mathbb{N}} \mapsto (c_0, \dots, c_{n-1})$$

is bijective.

This relation allows one to work with LRS's instead of with words of the
dual code. Now we want to represent any word of the dual code through some
LRS. We want to use the minimum possible number of LRS's to represent the
dual code. The next lemma will give us the chance to take only some of the
LRS's of $L_g$ in representing the code C:

Lemma 7. Let $C \subseteq \mathbb{F}_q^n$ be a CRC code with generator
polynomial $g(x)$, and $(c_i)_{i \in \mathbb{N}} \subset \mathbb{F}_q$ a LRS
whose characteristic polynomial is $g(x)$. Then

    $$(c_k, \dots, c_{k+n-1}) \in C^\perp \qquad \forall k \in \mathbb{N}.$$

This Lemma gives us a way to "extract" words of the dual code using 
only a LRS and the length of the code. 

We will now obtain the best way to construct a LRS. We will use the lowest
degree representative element of a class of $\mathcal{R}^q_g$ and divide it
by the monic polynomial $g(x)$.

Let now $u(x) \in \mathbb{F}_q[x]$ be a polynomial satisfying the hypothesis
of Theorem 4. A method for obtaining the related LRS is explained in
[CBH93]. The method follows from the relation

    $$\frac{u(x)}{g(x)} = \frac{u_{r-1}}{x} + \frac{u'(x)}{x\,g(x)},$$

where $u_{r-1}$ is the coefficient of the $(r-1)$-th degree term of the
polynomial $u(x)$ and $u'(x) = x u(x) - u_{r-1} g(x) \equiv x u(x)
\pmod{g(x)}$. It is trivial to see that the polynomial $u'(x)$ satisfies the
hypothesis of Theorem 4 as well. This relation can be iterated, and the
resulting sequence of coefficients $u_{r-1}$ is a LRS.

An interesting remark is that LRS can be easily constructed by using 
a Linear Feedback Shift Register (LFSR) with generator polynomial g(x). 
The next subsection is devoted to the fundamental step of the algorithm. 

3.1. The Fundamental Step. Let us now consider a LRS
$(c_i)_{i \in \mathbb{N}}$ with characteristic polynomial $g(x)$. We will
make the way to extract words of the dual code of an $(n, n-r)$ CRC code
explicit. The following figure depicts the idea of the algorithm; this
scheme follows from Lemma 7.

In the figure above, $c^{(k)} \in \mathbb{F}_q^n$ denotes the k-th word of
the dual code extracted from the above sequence.

The figure leads directly to relations between the weight distribution of
the words thus extracted:

Remark. (Weight relations between words)

• if $c_{k-1} \neq 0$ and $c_{k+n-1} = 0$, then
  $\mathrm{wt}(c^{(k)}) = \mathrm{wt}(c^{(k-1)}) - 1$;

• if $c_{k-1} = 0$ and $c_{k+n-1} \neq 0$, then
  $\mathrm{wt}(c^{(k)}) = \mathrm{wt}(c^{(k-1)}) + 1$;

• $\mathrm{wt}(c^{(k)}) = \mathrm{wt}(c^{(k-1)})$ otherwise.

This remark will be very useful in decreasing the computational cost of the
algorithm. Once the weight of the first word extracted from a LRS
$(c_i)_{i \in \mathbb{N}}$ has been computed, the weights of the following
words can be easily determined. This procedure has a minimal computational
cost, because addition and subtraction are constant-time operations.

In [CBH93], a way to compute these weights from the same two LFSR is also
explained. The second LFSR has to be shifted n times. The first LFSR will
give the new input component (bit) of the constructed word and the second
one the leaving one.

3.2. Relation Between LRS's and Words of C . Now we are able to 
extract words of the dual code from LRS's, but some questions are still 
unanswered. What is a minimal set of LRS's sufficient to determine the 
weight distribution? How can we be sure that we are not considering the 
same word more than once? 
We define the following sets:

Definition 8. Let $u(x) \in \mathbb{F}_q[x]$ with $\deg u(x) < \deg g(x)$,
and let $(c_i)_{i \in \mathbb{N}} \subset \mathbb{F}_q$ be the LRS related to
$u(x)$ (see Theorem 4). We denote with $C^\perp_u \subseteq C^\perp$ the set
of all words of the dual code of a CRC code extracted from
$(c_i)_{i \in \mathbb{N}}$.

The next Lemma states a bound on the number of different words that can be
extracted from a fixed LRS.

Lemma 9. Let $u(x) \in \mathbb{F}_q[x]$ such that $\deg u(x) < \deg g(x)$.
The cardinality of $C^\perp_u$ is

    $$|C^\perp_u| = \operatorname{ord}\left(\frac{g(x)}{\gcd(g(x), u(x))}\right).$$

The proof of the lemma follows directly from the relation between the number
of words that can be extracted and the period of $(c_i)_{i \in \mathbb{N}}$
and the definition of the order of a polynomial. Details can be found in
[CBH93].

Definition 10. Let $u(x) \in \mathbb{F}_q[x]$; the order of $u(x)$ is the
least natural number $o_u$ such that $u(x)$ divides $x^{o_u} - 1$.
3.3. x-orbits, LRS and Words of $C^\perp$. In order to continue we need
another algebraic structure, i.e. the x-orbits of the ring $\mathcal{R}^q_g$.
As we have already remarked, $g(x)$ and $x$ are relatively prime. Let
$\langle x \rangle$ denote the cyclic subgroup of the multiplicative group
$\mathcal{M}^q_g$ generated by $x$, i.e.

    $$\langle x \rangle = \{ x^k \in \mathcal{M}^q_g \mid k \in \mathbb{N} \}.$$



Definition 11. The x-orbits are the sets resulting from the action of the
cyclic group $\langle x \rangle$ on the ring $\mathcal{R}^q_g$. For $u$ an
element of $\mathcal{R}^q_g$, we denote with
the x-orbit of $u$.

It is well known that x-orbits can be considered as equivalence classes of
the ring $\mathcal{R}^q_g$.

The next lemma gives an explicit relation between the x-orbits of two
distinct elements of $\mathcal{R}^q_g$ and the respectively generated LRS's.
The lemma will work with sets of words $C^\perp_u$, i.e. words extracted
from a LRS.

Lemma 12. Let $u_1, u_2$ be two distinct elements of $\mathcal{R}^q_g$. Then
the following relation holds:

    $u_2$ belongs to the x-orbit of $u_1$ $\iff$ $C^\perp_{u_1} = C^\perp_{u_2}$.

Proof. The proof consists of two parts.

($\Rightarrow$) By definition $u_2$ belongs to the x-orbit of $u_1$ if and
    only if there exists $j \in \mathbb{N}$ such that

        $$u_2(x) \equiv x^j u_1(x) \pmod{g(x)}.$$

    Hence the LRS constructed from the polynomial $u_2(x)$ is the same as
    the LRS obtained by shifting that of the first polynomial $j$ times, so
    that $C^\perp_{u_2} \subseteq C^\perp_{u_1}$.

    The cardinality of the two sets is the same, as

        $$|C^\perp_{u_2}| = \operatorname{ord}\left(\frac{g(x)}{\gcd(g(x), u_2(x))}\right)
          = \operatorname{ord}\left(\frac{g(x)}{\gcd(g(x), x^j u_1(x))}\right)
          = \operatorname{ord}\left(\frac{g(x)}{\gcd(g(x), u_1(x))}\right) = |C^\perp_{u_1}|$$

    since $\gcd(x, g(x)) = 1$. This implies $C^\perp_{u_2} = C^\perp_{u_1}$.

($\Leftarrow$) Let us suppose that there is no $j \in \mathbb{N}$ such that

        $$u_2(x) \equiv x^j u_1(x) \pmod{g(x)}.$$

    This implies that, when the relation used above to construct the LRS is
    iterated beginning with $u_1(x)$, the polynomial $u_2(x)$ cannot be
    found on the right-hand side of that relation. Hence the LRS related to
    the second polynomial cannot be obtained as a shift of the LRS related
    to the first one. This implies that the sets $C^\perp_{u_1}$ and
    $C^\perp_{u_2}$ are different.

The proof is complete. □

Previously, in Section |5J we stated the bijective relation between the dual 
code of a CRC code and the ring $\mathcal{R}^q_g$. It follows from the
previous lemma that the dual code can be constructed by taking the union of
disjoint sets that are related to the x-orbits of the ring
$\mathcal{R}^q_g$. These orbits are also related to LRS's. Our goal is to
find a representative of each x-orbit. Thereafter, using the fundamental
step, we will be able to compute the weight distribution of the dual code.
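
The fundamental step of Section 3.1 and the orbit decomposition of Section
3.3, carried through in Python as an added example that is not code from the
paper or from [CBH93]. It assumes a prime field (q = p), finds one start
state per x-orbit by marking visited LFSR states instead of using the
algebraic representatives of Sections 4 and 5, and all function names and the
sample generator are this example's own.

```python
from itertools import product
from math import comb


def dual_weight_distribution(g, n, p=2):
    """Weight distribution B[0..n] of the dual of the (n, n-r) CRC code.

    g = [g_0, ..., g_{r-1}] are the low coefficients of the monic generator
    g(x) = g_0 + ... + g_{r-1} x^{r-1} + x^r over F_p (p prime, g_0 != 0).
    """
    r = len(g)
    if not (0 < r < n) or g[0] % p == 0:
        raise ValueError("need 0 < r < n and g(0) != 0")

    def feedback(state):
        # Relation (1): c_i = -(g_0 c_{i-r} + ... + g_{r-1} c_{i-1}) in F_p
        return -sum(gi * ci for gi, ci in zip(g, state)) % p

    B = [0] * (n + 1)
    seen = set()                       # LFSR states already counted
    for start in product(range(p), repeat=r):
        if start in seen:
            continue                   # this x-orbit was handled already
        # Two registers, as in Section 3.1: `tail` holds the first r symbols
        # of the current word, `head` its last r symbols.
        tail, head = start, start
        weight = sum(c != 0 for c in start)
        for _ in range(n - r):         # build the first word c^(0)
            head = head[1:] + (feedback(head),)
            weight += head[-1] != 0
        while tail not in seen:        # slide the window over one period
            seen.add(tail)
            B[weight] += 1
            entering = feedback(head)  # symbol c_{k+n} enters the window
            weight += (entering != 0) - (tail[0] != 0)   # c_k leaves it
            head = head[1:] + (entering,)
            tail = tail[1:] + (feedback(tail),)
    return B


def macwilliams(B, q):
    """Weight distribution of a code from that of its dual (MacWilliams)."""
    n, size = len(B) - 1, sum(B)
    A = []
    for j in range(n + 1):
        # Krawtchouk polynomial K_j(i), summed against the dual distribution
        total = sum(
            B[i] * sum((-1) ** s * (q - 1) ** (j - s)
                       * comb(i, s) * comb(n - i, j - s)
                       for s in range(j + 1))
            for i in range(n + 1))
        A.append(total // size)
    return A


def crc_weight_distribution(g, n, p=2):
    """Weight distribution of the CRC code itself, via its dual."""
    return macwilliams(dual_weight_distribution(g, n, p), p)


def brute_force(g, n, p=2):
    """Reference method: list every codeword m(x) g(x) with deg m < n - r."""
    full = list(g) + [1]
    A = [0] * (n + 1)
    for m in product(range(p), repeat=n - len(g)):
        c = [0] * n
        for i, mi in enumerate(m):
            for j, gj in enumerate(full):
                c[i + j] = (c[i + j] + mi * gj) % p
        A[sum(x != 0 for x in c)] += 1
    return A


if __name__ == "__main__":
    g = [1, 1, 0]      # constructed sample: g(x) = 1 + x + x^3 over F_2
    for n in (7, 10):
        print(n, dual_weight_distribution(g, n), crc_weight_distribution(g, n))
```

The dual has only p^r words while the code has p^(n-r), so the sliding-window pass stays cheap as n grows, whereas `brute_force` does not.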

4. Application of the Chinese Remainder Theorem 

We now want to obtain a representation of the structure of the ring
$\mathcal{R}^q_g$ that will be useful for our particular algorithm. We will
look for a decomposition of the ring into x-orbits.

From the Chinese Remainder Theorem we know that 

m 

where $g(x) = \prod_{i=1}^{m} g_i(x)^{e_i}$ is the irreducible factor
decomposition.

Let us write the isomorphism explicitly in our case. The following theorem
is claimed implicitly in [CBH93].

Theorem 13. Let $g(x) \in \mathbb{F}_q[x]$ be a monic polynomial such that
$g(0) \neq 0$, and let us consider its irreducible decomposition.
The map

    $$\phi : \mathcal{R}^q_g \to \prod_{i=1}^{m} \mathcal{R}^q_{g_i^{e_i}}$$

given by $\phi(u) = (u_1, \dots, u_m)$ with

    $$u_i(x) \equiv u(x) \pmod{g_i(x)^{e_i}}$$

is an isomorphism with inverse

    $$\phi^{-1}(u_1, \dots, u_m) = \sum_{i=1}^{m} \frac{g(x)}{g_i(x)^{e_i}}\, u_i(x)\, v_i(x) \pmod{g(x)},$$

where $v_i(x)$ is the multiplicative inverse of $g(x)/g_i(x)^{e_i}$ in
$\mathcal{R}^q_{g_i^{e_i}}$.

Thanks to this theorem we can begin our study in the case of quotient 
rings of powers of irreducible polynomials. 

Let ui be an element of the ring TZ 9 e t ; the result of the action of x kl on 

u\ € 1Z q e l will be denoted by ti, , i.e. u, = x kl ui (mod gi(x) ei ). From 
the paper [CBH93] and some calculations, one obtains the next theorem.

Theorem 14. Let $g(x) \in \mathbb{F}_q[x]$ be monic with $g(0) \neq 0$ and $g(x) = \prod_{l=1}^{m} g_l(x)^{e_l}$
be its irreducible decomposition. Let also <£^, be the x-orbits oflZ q ei for 

9i 

$l = 1, \dots, m$, with cardinality $d_l$ and representative $u_l$ respectively.
It follows that representatives of any x-orbits of the ring $\mathcal{R}^q_g$ are

m 

1=1 1 

for < ki < K-i, for I = 2, . . . , m and 

/Q = gcd(d/,lcm((ii, . . 

A proof of the previous theorem can be done by induction using the paragraph
titled Action of a Cyclic Group on a Cartesian Product of [CBH93], where the
authors analyze the case of the cartesian product of two sets.

5. Decomposition of $\mathcal{R}^q_{g^t}$ into x-orbits

Let $t$ be a natural number and let us consider an irreducible polynomial
$g(x) \in \mathbb{F}_q[x]$ of degree $r$. The following representation of
the elements of $\mathcal{R}^q_{g^t}$ is also valid and will be useful for
our work.

Lemma 15. Every $f \in \mathcal{R}^q_{g^t}$ can be represented in a unique
way as

    $$f = \sum_{i=0}^{t-1} f_i(x)\, g(x)^i$$

where $f_i(x) \in \mathbb{F}_q[x]$ and $\deg f_i(x) < \deg g(x)$.

This representation of an element of $\mathcal{R}^q_{g^t}$ follows directly
from the representation of any representative of the class in base $g(x)$.

The next step is to investigate subsets of the ring $\mathcal{R}^q_{g^t}$
which are closed under x-multiplication. The following theorem gives
information about such subsets.

Theorem 16. Let $u(x) \in \mathbb{F}_q[x]$ be the representative of minimal
degree of a class $u \in \mathcal{R}^q_{g^t}$, and let $s$ be the natural
number

    $$s := \max \{ i \in \mathbb{N} : g(x)^i \mid u(x) \}.$$



If we denote by u{x) £ F g [x] the polynomial obtained by dividing u(x) by 
g(x) s , then the following relation holds: 



max 



u'e^c K q gt 



{i G N | g(xY\u'(x)} 



[u'(x)/g{xy\ g e£ c n q gt . 



The proof of this theorem is an easy computation. 

Remark. From the previous theorem, two remarks can be extracted:

(1) given an x-orbit, the maximal power of $g(x)$ that divides an element of
    the orbit does not depend on the choice of the element;

(2) the choice of the best representative of x-orbits can be limited to the
    set of elements of $\mathcal{R}^q_{g^t}$ whose representatives in
    $\mathbb{F}_q[x]$ are coprime with $g(x)$.

The next corollary follows from Lemma 15 and the previous theorem.

Corollary 17. The ring $\mathcal{R}^q_{g^t}$ can be decomposed as follows:

    $$\mathcal{R}^q_{g^t} = \{0\} \cup \bigcup_{i=0}^{t-1} g(x)^i \cdot \mathcal{M}^q_{g^{t-i}},$$

where the sets 

g(x) 1 ■ = G K q gt | u = [g{x) l u(x)\, u G M gt -i | 

are stable under x -multiplication. 
5.1. Characterization of elements of $\mathcal{M}^q_{g^t}$. Let us initially
give a corollary of Lemma 15.

Corollary 18. The element $f \in \mathcal{R}^q_{g^t}$ is invertible if and
only if, in the representation given in Lemma 15, $f_0(x) \neq 0$.

The group $\mathcal{M}^q_{g^l}$ is the multiplicative group of the ring
$\mathcal{R}^q_{g^l}$ and is finite. By the theory of finitely generated
abelian groups, $\mathcal{M}^q_{g^l}$ can be expressed as a product of cyclic
groups. Let us investigate this structure more precisely.

Let us distinguish between two cases: $l = 1$ and $l \ge 2$. The first case
should also be split into two parts: either $g(x)$ is primitive, or it is
not. In both cases, the ring $\mathcal{R}^q_g$ is also a finite field, hence
its multiplicative group is cyclic. The difference between the primitive and
the non-primitive case lies in the choice of the generator element. If
$g(x)$ is a primitive polynomial, i.e. if $\operatorname{ord}(g(x)) = q^r - 1$,
where $\deg g(x) = r$, then $x \in \mathcal{M}^q_g$ is a good choice of
generator. Otherwise, $x$ is not a generator anymore. We will denote by
$h \in \mathcal{M}^q_g$ a generator of the group.

Let us now consider the case $l \ge 2$.

Theorem 19. The order of the group $\mathcal{M}^q_{g^l}$ is
$(q^r - 1)\, q^{(l-1)r}$. Moreover

    $$\mathcal{M}^q_{g^l} \cong \mathcal{M}^q_g \times S_p,$$

where $S_p$ is the p-Sylow subgroup of $\mathcal{M}^q_{g^l}$.

The group $\mathcal{M}^q_g$ has already been analyzed; we now study the
structure of the p-Sylow subgroup.

Theorem 20. Let $f \in \mathcal{M}^q_{g^l}$. The multiplicative order of $f$
is a power of $p$ if and only if there exists a polynomial
$m(x) \in \mathbb{F}_q[x]$ such that

    $$f = [1 + m(x)g(x)].$$

Proof. Let $f(x) \in \mathbb{F}_q[x]$ be the representative of lowest degree
of $f$, where $f$ is an element whose order is a power of $p$. There exists
a unique way to write

    $$f(x) = f_0(x) + f^{(1)}(x)\, g(x)$$

with $\deg f_0(x) < \deg g(x)$.

Let $k \in \mathbb{N}_+$ be such that $p^k \ge l$. Then

    $$f(x)^{p^k} = (f_0(x) + f^{(1)}(x) g(x))^{p^k} = f_0(x)^{p^k} + (f^{(1)}(x) g(x))^{p^k}.$$

In $\mathcal{R}^q_{g^l}$, this relation reduces to
$f^{p^k} = [f_0(x)^{p^k}]$, and $f_0(x)^{p^k}$ is the lowest-degree
representative of the class. From the equality criteria between polynomials,
we see that $f_0(x) = 1$.

Vice versa, let $m(x) \in \mathbb{F}_q[x]$ be a polynomial such that

    $$f(x) = 1 + m(x)g(x).$$

Let $k \in \mathbb{N}_+$ be such that $p^k \ge l$; then

    $$f(x)^{p^k} = (1 + m(x)g(x))^{p^k} = 1 + (m(x)g(x))^{p^k},$$

and this represents the identity in $\mathcal{R}^q_{g^l}$. □
Remark. From now on we will denote by $\alpha$ an element algebraic over
$\mathbb{F}_p$ of degree $\delta$. Recall that $\delta$ is such that
$q = p^\delta$. Therefore, we obtain $\mathbb{F}_q \cong \mathbb{F}_p[\alpha]$.

Another notation that we will use extensively is the following:

(4) $$a_{i,j,k}(x) = 1 + \alpha^i x^j g(x)^k \in S_p,$$

where $0 \le i < \delta$, $0 \le j < r$ and $1 \le k < l$. We are now able to
state the theorem that specifies the decomposition of the p-Sylow subgroup
into a product of cyclic groups.

Theorem 21. Let $S_p$ be the p-Sylow subgroup of $\mathcal{M}^q_{g^l}$. The
following isomorphism holds:

where $\langle a_{i,j,k}(x) \rangle \subset S_p$ is the cyclic group
generated by $a_{i,j,k}(x)$ and the parameter $k$ satisfies the condition
$p \nmid k$.

The proof of this theorem follows from the next lemma. 

Lemma 22. For any polynomial

    $$f(x) = 1 + f_h(x) g(x)^h + m(x) g(x)^{h+1} \in \mathbb{F}_q[x]$$

with $h \in \mathbb{N}_+$ and $\deg f_h(x) < \deg g(x)$, there exist numbers

    $$c_{(i,j)} \in \{0, 1, \dots, p-1\}$$

such that

    $$\prod_{i,j} a_{i,j,h}(x)^{c_{(i,j)}} \equiv f(x) \pmod{g(x)^{h+1}}$$

for every $0 \le i < \delta$ and $0 \le j < r$.

Proof. The proof will be split into two parts: either $p \nmid h$, or
$p \mid h$.

Let us first suppose that $p \nmid h$. The polynomial $f_h(x)$ can be
written as

    $$f_h(x) = \sum_{i,j} c_{(i,j)}\, \alpha^i x^j,$$

with $c_{(i,j)} \in \mathbb{F}_p$. It follows that

    $$\prod_{i,j} a_{i,j,h}(x)^{c_{(i,j)}} = 1 + f_h(x) g(x)^h + m'(x) g(x)^{h+1} \equiv f(x) \pmod{g(x)^{h+1}}.$$

Otherwise, if $p \mid h$ then $h = p h'$. The polynomial $g(x)$ is
irreducible, thus the field $\mathcal{R}^q_g$ is perfect. This implies that
the projection in $\mathcal{R}^q_g$ of $f_h(x)$ is the p-th power of some
element $\ell \in \mathcal{R}^q_g$. Then we have

    $$\ell(x)^p \equiv f_h(x) \pmod{g(x)},$$

where $\ell(x)$ is the representative of $\ell$ of lowest degree and then

    $$\ell(x) = \sum_{i,j} c_{(i,j)}\, \alpha^i x^j \in \mathbb{F}_q[x].$$

Hence, we can conclude that

(II <',,./,<(•<•)' - )" = {l + l(x)g(xf +l(x)g(xf +1 ) p = 

= 1 + l(x) p g(x) ph ' + = f(x) (mod g{x) 

and the proof is complete. □ 
Proof. [Theorem 21] The polynomial $f_1(x)$ can be expressed as

    $$f_1(x) = \sum_{i,j} c_{(i,j,1)}\, \alpha^i x^j.$$

From the previous lemma we have

(5) $$\prod_{i,j} a_{i,j,1}(x)^{c_{(i,j,1)}} = 1 + f_1(x) g(x) + m(x) g(x)^2.$$

Let us now consider $\tilde{f}_2(x) \equiv f_2(x) - m(x) \pmod{g(x)}$; then

    $$\tilde{f}_2(x) = \sum_{i,j} c_{(i,j,2)}\, \alpha^i x^j.$$

Using the lemma once more, we obtain

(6) $$\prod_{i,j} a_{i,j,2}(x)^{c_{(i,j,2)}} = 1 + \tilde{f}_2(x) g(x)^2 + \tilde{m}(x) g(x)^3.$$

Let us now multiply the relations (5) and (6):

    $$(1 + f_1(x) g(x) + m(x) g(x)^2)(1 + \tilde{f}_2(x) g(x)^2 + \tilde{m}(x) g(x)^3)
      = 1 + f_1(x) g(x) + f_2(x) g(x)^2 + m(x) g(x)^3.$$

The claim is obtained by iterating this computation $l$ times. □
Let us now consider the homomorphism of groups 

A* : II ( a idA x )) -> S pi 

id,k 

where the parameters satisfy the conditions given with the definition of
$a_{i,j,k}(x)$ and in addition $p \nmid k$. To prove that the map above is an
isomorphism it is enough to prove injectivity.

Theorem 23. With the conditions previously given on the parameters
$i, j, k$, the following holds:

    $$\prod_{i,j,k} a_{i,j,k}(x)^{c_{(ijk)}} \equiv 1 \pmod{g(x)^l} \iff c_{(ijk)} \equiv 0 \pmod{\operatorname{ord}(a_{i,j,k}(x))}.$$

Proof. Let us begin by expanding the power of each polynomial
$a_{i,j,k}(x)$. Writing the exponents as

it follows that

atj,k(x)^ = (l + aV^)')^ 1 

= (l + a ** Wfc V** (W j(2;) , *' (W ) C ' W * ) 

c' 

(7) = 1 + (n'"^" ' r/i,-)^ ' ) / '. 

The next step is to find the minimum exponent of $g(x)$ in (7). We have
to highlight all the terms where this exponent occurs to continue with the
proof. Let us introduce the notation

&p B := mm kp s ^ k ~> . 

In order to use this notation it is important that p \ k, so that any triplet 
k) giving this minimum is such that = 5. 

Now we will deal with the product $\prod_{i,j,k} a_{i,j,k}(x)^{c_{(ijk)}}$. If we use (7) and
group all monomials according to the power of $g(x)$ they contain, we obtain

map* (%)■■= Yl im)^ xiP * = ( Yl c 'w) aixj ) pS 

where J is the set of all pairs for which the exponent kp Si -» k ^ is minimal. 

The polynomial m'(x) := ( ^{ijk) OL%x ' > does not vanish, because the 

pairs appear once in the sum. Moreover, the condition j < degg(x) 
says that no factor of g(x) divides m'(x). The hypothesis is then satisfied if 
and only if &p 5 > I. 

This last remark concludes the proof, because for any single factor of the 
product it follows that 

a itjM {xf^ k ) =1 (mod 

so that C(y-fc) = (mod ord(ajj i fe(a;))). □ 

5.2. Set of generators of the x-orbits of $\mathcal{M}^q_{g^l}$. In this
subsection we will make the representatives of the x-orbits of the ring
explicit. We will use the results of previous sections to express these
representatives via generators of the groups $\mathcal{M}^q_{g^l}$ with
$l \le t$. In Corollary 17 we saw how to decompose the ring into a disjoint
union of sets stable under x-multiplication. The representatives are then to
be looked for in these sets.

Let us give the order of the generators of the p-Sylow subgroup of
$\mathcal{M}^q_{g^l}$.

Theorem 24. Let $l \in \mathbb{N}$. The elements
$a_{i,j,k}(x) \in \mathcal{M}^q_{g^l}$, with parameters satisfying the
conditions given with the definition of $a_{i,j,k}(x)$ and such that
$p \nmid k$, have order

    $$\operatorname{ord}(a_{i,j,k}(x)) = p^{\lceil \log_p (l/k) \rceil}.$$

Proof. Thanks to Theorem 20 the order of the elements $a_{i,j,k}(x)$ is a
power of $p$. For $m \in \mathbb{N}$ we have

    $$a_{i,j,k}(x)^{p^m} = (1 + \alpha^i x^j g(x)^k)^{p^m} = 1 + (\alpha^i x^j g(x)^k)^{p^m} \pmod{g(x)^l}.$$

Since $\gcd(\alpha^i x^j, g(x)) = 1$ we get

    $$(\alpha^i x^j g(x)^k)^{p^m} \equiv 0 \pmod{g(x)^l} \iff g(x)^{k p^m} \equiv 0 \pmod{g(x)^l} \iff k p^m \ge l.$$

It follows that the lowest exponent of $p$ which fulfills the previous
relation is

    $$m = \lceil \log_p (l/k) \rceil$$

and the proof is complete. □

To investigate the construction of the x-orbits more deeply, we have to
divide the cyclic group $\langle x \rangle$ into a product of other cyclic
groups.

Theorem 25. Let $l \in \mathbb{N}$. The order of the element
$x \in \mathcal{M}^q_{g^l}$ is

    $$\operatorname{ord}(x) = \operatorname{ord}(g(x)) \cdot p^{\lceil \log_p l \rceil}.$$

Proof. $\operatorname{ord}(x)$ is such that

(8) $$x^{\operatorname{ord}(x)} \equiv 1 \pmod{g(x)^l} \implies g(x)^l \mid x^{\operatorname{ord}(x)} - 1.$$

If we write $\operatorname{ord}(x) = m = p^s \tilde{m}$, with
$p \nmid \tilde{m}$, then

    $$x^m - 1 = x^{p^s \tilde{m}} - 1 = (x^{\tilde{m}} - 1)^{p^s}.$$

We are working in characteristic $p$, hence every irreducible factor of
$x^m - 1$ has multiplicity $p^s$. Relation (8) tells us that the
multiplicity has to be at least $l$, then $p^s \ge l$, i.e.
$s \ge \lceil \log_p l \rceil$.
We also know that

    $$g(x) \mid x^m - 1 \iff \operatorname{ord}(g(x)) \mid m.$$

The order of $x$ is the least common multiple of
$p^{\lceil \log_p l \rceil}$ and $\operatorname{ord}(g(x))$; as these are
coprime, the claim follows. □

Corollary 26. The cyclic group $\langle x \rangle \subset
\mathcal{M}^q_{g^l}$ is isomorphic to the product of two cyclic groups whose
orders are $p^{\lceil \log_p l \rceil}$ and $\operatorname{ord}(g(x))$,
respectively.

Remark. Using the representation of the groups given in the previous
section we can make the previous corollary explicit. We have

    $$\langle x \rangle \cong \langle x_p(x) \rangle \times \langle x_{o_g}(x) \rangle$$

where $\langle x_p(x) \rangle \subset S_p$ and
$\langle x_{o_g}(x) \rangle \subset \mathcal{M}^q_g$. Without loss of
generality we can take

Xp(x) := x OTd ^ x ^ G S p and x Dg (x) := h(x)^kl G M| 
where h(x) is the generator of Mq. 

Theorem 27. Let $x_p(x) \in S_p \subset \mathcal{M}^q_{g^l}$ be an element of
order $p^{\lceil \log_p l \rceil}$. There exist parameters
$0 \le i_0 \le \delta - 1$ and $0 \le j_0 < \deg g(x)$ such that

    $$S_p \cong \langle x_p(x) \rangle \times \prod_{\substack{i,j,k \\ (i,j,k) \neq (i_0,j_0,1)}} \langle a_{i,j,k}(x) \rangle,$$

where $(i,j,k)$ satisfy the conditions given with the definition of
$a_{i,j,k}(x)$ and $p \nmid k$.

Proof. The element $x_p$ belongs to the p-Sylow subgroup; hence, thanks to
Theorem 21 it has a representation via polynomials $a_{i,j,k}(x)$, i.e.

    $$x_p(x) \equiv \prod_{i,j,k} a_{i,j,k}(x)^{c_{(ijk)}} \pmod{g(x)^l}.$$

The order of the element is the highest possible power of $p$. Thanks to the
above representation, there exist $0 \le i_0 \le \delta - 1$ and
$0 \le j_0 < \deg g(x)$ such that

    $$\gcd(c_{(i_0 j_0 1)}, p) = 1.$$

For every $e_{(ijk)} \in \mathbb{N}$ the following relation holds



i,j,k i,j,k 

(i,j,fe)^(io,j'o,l) 



with 



er 



Hioioi) ■ ( c (ioiol)) 1 (mod^M) 
\ijk) = e(ijk) ~ C(i jk )e p (modp riog p' /fel ). 

The proof is complete. □ 

We can now state the theorem that specifies every possible representative
of the x-orbits of $\mathcal{M}^q_{g^l}$.

Theorem 28. Let $g(x) \in \mathbb{F}_q[x]$ be a degree-$r$ irreducible
polynomial and $l \ge 2$. There exist $0 \le i_0 \le \delta - 1$ and
$0 \le j_0 < \deg g(x)$ such that the set

ihix)* • (1 + tfxi g{x) k ) c m) (mod g(x) 1 )}, 

(i,j,k)it(io,joA) 
0<i<8, 0<j<r 
l<k<t, p\k 

is a family of representatives of orbits in $\mathcal{M}^q_{g^l}$. Here,
$h(x)$ is a primitive element of $\mathcal{R}^q_g$,
$\alpha \in \mathbb{F}_q$ is an algebraic element of degree $\delta$ over
$\mathbb{F}_p$, and $t$ and $c_{(ijk)}$ are such that

• <t < or d(g(j)) 

• 0<c m) <p^ l / k \ 

Proof. The theorem is quickly proved by rewriting the statement that $u'$
lies in the x-orbit of $u$,

    $$\exists\, \nu \in \mathbb{N} : u'(x) \equiv x^{\nu} u(x) \pmod{g(x)^l},$$

as

    $$\exists\, \nu, \mu \in \mathbb{N} : u'(x) \equiv x_p(x)^{\nu}\, x_{o_g}(x)^{\mu}\, u(x) \pmod{g(x)^l}$$

and applying Theorem 27. □

5.3. Backward Steps. In this part of the article we make some steps
backward.

Our goal was to construct the representatives of the ring $\mathcal{R}^q_g$
with $g(x)$ any polynomial of $\mathbb{F}_q[x]$.

Using Theorem 28 we obtain, for every irreducible polynomial $g_i(x)$ in the
decomposition of $g(x)$, the representatives of their x-orbits in
$\mathcal{M}^q_{g_i^s}$ for $1 \le s \le e_i$. Corollary 17 gives us the
opportunity to compute the representatives of the ring
$\mathcal{R}^q_{g_i^{e_i}}$. This step is easily done: the representatives
of $\mathcal{M}^q_{g_i^s}$ for $1 \le s \le e_i$, multiplied with a
well-chosen power of $g(x)$, give as result representatives of
$\mathcal{R}^q_{g_i^{e_i}}$.

By considering all possible irreducible polynomials of the decomposition of
$g(x)$, we obtain representatives of all rings $\mathcal{R}^q_{g_i^{e_i}}$.
The next step is to use Theorem 14, and with that we make the
representatives of the ring $\mathcal{R}^q_g$ explicit.

By applying, at the end, the fundamental step of the algorithm to the LRS's
related to the representatives of $\mathcal{R}^q_g$, we obtain the weight
distribution of the dual code of a CRC code.

6. Conclusions 

We analyzed the complexity of the algorithm in the case of
$\mathcal{R}^q_{g^t}$ where $g(x)$ is an irreducible polynomial. It turns
out to be

    $$O(p^{\delta r}\, \delta r t^2 (n + pt)),$$

but since $pt$ is smaller than $n$ in any practical application the
complexity can be reduced to

    $$O(p^{\delta r}\, \delta r t^2 n).$$

If we consider all the elements of the ring $\mathcal{R}^q_{g^t}$ instead of
only some representatives, the complexity is

    $$O(p^{\delta r t}\, n).$$

It is easy to see that the two complexities differ only with respect to the
$t$ parameter. The complexity in our case is polynomial in $t$, while in the
other case it is exponential.